Casino attack: cyber threat increasing

Casino attack: cyber threat increasing

An Ontario casino – along with its customers and employees – is the latest victim of a cyberattack.

The Casino Rama, which sits on the Rama First Nation about two-hours’ drive north of Toronto, announced on Friday that it had been hit by a cyberattack that resulted in the theft of data for customers, employees and vendors, both past and present.

A hacker claimed to have accessed a wealth of information dating as far back as 2004, the casino said in a statement on its website, which includes payroll data such as social insurance numbers and dates of birth of employees, along with the casino’s IT information and financial reports.

The company’s internal teams have been working with cyber security experts, and an investigation is ongoing, it said – but the incident is evidence of the growing threat from cybercrime, even to small and mid-sized companies.

“Overall we’ve seen a rise in attacks targeting gaming institutions like casinos. Even organizations who go to great lengths when it comes to security, can fall victim to a cyberattack,” J.Paul Haynes, CEO of eSentire – an Ontario-based cybersecurity firm – told Insurance Business.

Smaller organizations, who tend to have less resources and strategies in place to mitigate the risk of cyberattacks, are increasingly falling prey to attacks, Haynes said.

“Midsized organizations are a popular attack target as they typically don’t have the same level of cybersecurity defenses as their larger peers… The individuals targeting these organizations are using sophisticated toolkits designed to find and exploit any potential points of network entry,” he explained.

While no details have been released by Casino Rama on how the hacking took place, IT World reports that point-of-sale (POS) machines in hotels and casinos have been a hot target over the years.

A ‘memory scraper’ malware for POS machines had been victimizing guests in casinos, resorts and hotels in Canada, the United States, Europe, the Middle East and Latin America last year, it said.

At a cyber event last week, Ed chief innovation officer, Peter Hacker, warned of the volatility of the risk of cyber, which he said showed “unparalleled” risk spikes.

The consequences of the loss of intangibles via a cyberattack, Hacker added, are drastic – and at worst could push a company into default.

Haynes said that the loss of personally identifiable information, such as social insurance numbers and credit card information, means that the effects of incidents like the Casino Rama breach could be felt for months, or even years.

“Usually the information ends up for sale on the dark web,” he said, adding: “With over three million customers per year and more than 2000 staff and a number of third party vendors, thousands of individuals could be impacted.”

Meanwhile, the casino said that while there is no indication that the hacker continues to have access to the resort’s system, it is still possible that information leaked in the attack may be published online.

The company advised customers, employees and vendors to monitor and verify bank accounts, credit card and other financial transaction statements, while its investigations continue.